HHS OCR Settles Milestone Phishing Attack Investigation

This Bulletin is brought to you by AHLA’s Health Information and Technology Practice Group.

December 14, 2023

Apurva Dharia , Davis Wright Tremaine LLP
Adam Greene , Davis Wright Tremaine LLP

Share this:

On December 7, 2023, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced a $480,000 settlement with a Louisiana medical group that was the victim of a phishing attack. The settlement, which also requires the group to implement a corrective action plan, is the first settlement that OCR has resolved for a phishing attack under the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, and Breach Notification Rules (“HIPAA Rules”). HHS describes a phishing attack as a type of cybersecurity attack used to trick individuals into disclosing sensitive information via electronic communication, such as email, by impersonating a trustworthy source.

HHS OCR Settles Milestone Phishing Attack Investigation

This Bulletin is brought to you by AHLA’s Health Information and Technology Practice Group.

ARTICLE TAGS

You must be logged in to access this content.

Cookie Consent

HHS OCR Settles Milestone Phishing Attack Investigation

This Bulletin is brought to you by AHLA’s Health Information and Technology Practice Group.

ARTICLE TAGS

You must be logged in to access this content.